%0 Book
%A National Academies of Sciences, Engineering, and Medicine
%E Johnson, Anne Frances
%E Millett, Lynette I.
%T Recoverability as a First-Class Security Objective: Proceedings of a Workshop
%@ 978-0-309-48370-4
%D 2018
%U https://nap.nationalacademies.org/catalog/25240/recoverability-as-a-first-class-security-objective-proceedings-of-a
%> https://nap.nationalacademies.org/catalog/25240/recoverability-as-a-first-class-security-objective-proceedings-of-a
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%P 56
%X The Forum on Cyber Resilience of the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Recoverability as a First-Class Security Objective on February 8, 2018, in Washington, D.C. The workshop featured presentations from several experts in industry, research, and government roles who spoke about the complex facets of recoverability—that is, the ability to restore normal operations and security in a system affected by software or hardware failure or a deliberate attack. This publication summarizes the presentations and discussions from the workshop.

%0 Book
%A National Academies of Sciences, Engineering, and Medicine
%T A 21st Century Cyber-Physical Systems Education
%@ 978-0-309-45163-5
%D 2016
%U https://nap.nationalacademies.org/catalog/23686/a-21st-century-cyber-physical-systems-education
%> https://nap.nationalacademies.org/catalog/23686/a-21st-century-cyber-physical-systems-education
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%P 106
%X Cyber-physical systems (CPS) are "engineered systems that are built from, and depend upon, the seamless integration of computational algorithms and physical components." CPS can be small and closed, such as an artificial pancreas, or very large, complex, and interconnected, such as a regional energy grid.
CPS engineering focuses on managing interdependencies and impact of physical aspects on cyber aspects, and vice versa. With the development of low-cost sensing, powerful embedded system hardware, and widely deployed communication networks, the reliance on CPS for system functionality has dramatically increased. These technical developments in combination with the creation of a workforce skilled in engineering CPS will allow the deployment of increasingly capable, adaptable, and trustworthy systems. Engineers responsible for developing CPS but lacking the appropriate education or training may not fully understand at an appropriate depth, on the one hand, the technical issues associated with the CPS software and hardware or, on the other hand, techniques for physical system modeling, energy and power, actuation, signal processing, and control. In addition, these engineers may be designing and implementing life-critical systems without appropriate formal training in CPS methods needed for verification and to assure safety, reliability, and security. A workforce with the appropriate education, training, and skills will be better positioned to create and manage the next generation of CPS solutions. A 21st Century Cyber-Physical Systems Education examines the intellectual content of the emerging field of CPS and its implications for engineering and computer science education. This report is intended to inform those who might support efforts to develop curricula and materials; faculty and university administrators; industries with needs for CPS workers; and current and potential students about intellectual foundations, workforce requirements, employment opportunities, and curricular needs.

%0 Book
%A National Research Council
%E Clark, David
%E Berson, Thomas
%E Lin, Herbert S.
%T At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues
%@ 978-0-309-30318-7
%D 2014
%U https://nap.nationalacademies.org/catalog/18749/at-the-nexus-of-cybersecurity-and-public-policy-some-basic
%> https://nap.nationalacademies.org/catalog/18749/at-the-nexus-of-cybersecurity-and-public-policy-some-basic
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%P 150
%X We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. Modern military forces use weapons that are increasingly coordinated through computer-based networks. Cybersecurity is vital to protecting all of these functions. Cyberspace is vulnerable to a broad spectrum of hackers, criminals, terrorists, and state actors. Working in cyberspace, these malevolent actors can steal money, intellectual property, or classified information; impersonate law-abiding parties for their own purposes; damage important data; or deny the availability of normally accessible services. Cybersecurity issues arise because of three factors taken together - the presence of malevolent actors in cyberspace, societal reliance on IT for many important functions, and the presence of vulnerabilities in IT systems. What steps can policy makers take to protect our government, businesses, and the public from those who would take advantage of system vulnerabilities? At the Nexus of Cybersecurity and Public Policy offers a wealth of information on practical measures, technical and nontechnical challenges, and potential policy responses. According to this report, cybersecurity is a never-ending battle; threats will evolve as adversaries adopt new tools and techniques to compromise security.
Cybersecurity is therefore an ongoing process that needs to evolve as new threats are identified. At the Nexus of Cybersecurity and Public Policy is a call for action to make cybersecurity a public safety priority. For a number of years, the cybersecurity issue has received increasing public attention; however, most policy focus has been on the short-term costs of improving systems. In its explanation of the fundamentals of cybersecurity and the discussion of potential policy responses, this book will be a resource for policy makers, cybersecurity and IT professionals, and anyone who wants to understand threats to cyberspace.

%0 Book
%A National Research Council
%E Jackson, Daniel
%E Thomas, Martyn
%E Millett, Lynette I.
%T Software for Dependable Systems: Sufficient Evidence?
%@ 978-0-309-10394-7
%D 2007
%U https://nap.nationalacademies.org/catalog/11923/software-for-dependable-systems-sufficient-evidence
%> https://nap.nationalacademies.org/catalog/11923/software-for-dependable-systems-sufficient-evidence
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%P 148
%X The focus of Software for Dependable Systems is a set of fundamental principles that underlie software system dependability and that suggest a different approach to the development and assessment of dependable software. Unfortunately, it is difficult to assess the dependability of software. The field of software engineering suffers from a pervasive lack of evidence about the incidence and severity of software failures; about the dependability of existing software systems; about the efficacy of existing and proposed development methods; about the benefits of certification schemes; and so on. There are many anecdotal reports, which—although often useful for indicating areas of concern or highlighting promising avenues of research—do little to establish a sound and complete basis for making policy decisions regarding dependability.
The committee regards claims of extraordinary dependability that are sometimes made on this basis for the most critical of systems as unsubstantiated, and perhaps irresponsible. This difficulty regarding the lack of evidence for system dependability leads to two conclusions: (1) that better evidence is needed, so that approaches aimed at improving the dependability of software can be objectively assessed, and (2) that, for now, the pursuit of dependability in software systems should focus on the construction and evaluation of evidence. The committee also recognized the importance of adopting the practices that are already known and used by the best developers; this report gives a sample of such practices. Some of these (such as systematic configuration management and automated regression testing) are relatively easy to adopt; others (such as constructing hazard analyses and threat models, exploiting formal notations when appropriate, and applying static analysis to code) will require new training for many developers. However valuable, though, these practices are in themselves no silver bullet, and new techniques and methods will be required in order to build future software systems to the level of dependability that will be required.

%0 Book
%A National Academies of Sciences, Engineering, and Medicine
%E Johnson, Anne
%E Millett, Lynette I.
%T Beyond Spectre: Confronting New Technical and Policy Challenges: Proceedings of a Workshop
%@ 978-0-309-49149-5
%D 2019
%U https://nap.nationalacademies.org/catalog/25418/beyond-spectre-confronting-new-technical-and-policy-challenges-proceedings-of
%> https://nap.nationalacademies.org/catalog/25418/beyond-spectre-confronting-new-technical-and-policy-challenges-proceedings-of
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%P 84
%X In 2017, researchers discovered a vulnerability in microprocessors used in computers and devices all over the world.
The vulnerability, named Spectre, combines side effects from caching and speculative execution, which are techniques that have been used for many years to increase the speed at which computers operate. The discovery upends a number of common assumptions about cybersecurity and draws attention to the complexities of the global supply chain and global customer base for the vast range of devices and cloud capabilities that all computer users rely on. In October 2018, the Forum on Cyber Resilience hosted a workshop to explore the implications of this development. This publication summarizes the presentations and discussions from the workshop.

%0 Book
%A National Research Council
%T Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop
%@ 978-0-309-16090-2
%D 2010
%U https://nap.nationalacademies.org/catalog/12998/toward-better-usability-security-and-privacy-of-information-technology-report
%> https://nap.nationalacademies.org/catalog/12998/toward-better-usability-security-and-privacy-of-information-technology-report
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%P 70
%X Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use, configure, or operate systems in ways that are inadvertently insecure. Moreover, security and privacy technologies originally were developed in a context in which system administrators had primary responsibility for security and privacy protections and in which the users tended to be sophisticated. Today, the user base is much wider--including the vast majority of employees in many organizations and a large fraction of households--but the basic models for security and privacy are essentially unchanged.
Security features can be clumsy and awkward to use and can present significant obstacles to getting work done. As a result, cybersecurity measures are all too often disabled or bypassed by the users they are intended to protect. Similarly, when security gets in the way of functionality, designers and administrators deemphasize it. The result is that end users often engage in actions, knowingly or unknowingly, that compromise the security of computer systems or contribute to the unwanted release of personal or other confidential information. Toward Better Usability, Security, and Privacy of Information Technology discusses computer system security and privacy, their relationship to usability, and research at their intersection.

%0 Book
%A National Academies of Sciences, Engineering, and Medicine
%E Johnson, Anne Frances
%E Millett, Lynette I.
%T Software Update as a Mechanism for Resilience and Security: Proceedings of a Workshop
%@ 978-0-309-46288-4
%D 2017
%U https://nap.nationalacademies.org/catalog/24833/software-update-as-a-mechanism-for-resilience-and-security-proceedings
%> https://nap.nationalacademies.org/catalog/24833/software-update-as-a-mechanism-for-resilience-and-security-proceedings
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%P 92
%X Software update is an important mechanism by which security changes and improvements are made in software, and this seemingly simple concept encompasses a wide variety of practices, mechanisms, policies, and technologies. To explore the landscape further, the Forum on Cyber Resilience hosted a workshop featuring invited speakers from government, the private sector, and academia. This publication summarizes the presentations and discussions from the workshop.

%0 Book
%A National Academies of Sciences, Engineering, and Medicine
%T Decrypting the Encryption Debate: A Framework for Decision Makers
%@ 978-0-309-47153-4
%D 2018
%U https://nap.nationalacademies.org/catalog/25010/decrypting-the-encryption-debate-a-framework-for-decision-makers
%> https://nap.nationalacademies.org/catalog/25010/decrypting-the-encryption-debate-a-framework-for-decision-makers
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%P 118
%X Encryption protects information stored on smartphones, laptops, and other devices - in some cases by default. Encrypted communications are provided by widely used computing devices and services - such as smartphones, laptops, and messaging applications - that are used by hundreds of millions of users. Individuals, organizations, and governments rely on encryption to counter threats from a wide range of actors, including unsophisticated and sophisticated criminals, foreign intelligence agencies, and repressive governments. Encryption on its own does not solve the challenge of providing effective security for data and systems, but it is an important tool. At the same time, encryption is relied on by criminals to avoid investigation and prosecution, including criminals who may unknowingly benefit from default settings as well as those who deliberately use encryption. Thus, encryption complicates law enforcement and intelligence investigations. When communications are encrypted "end-to-end," intercepted messages cannot be understood. When a smartphone is locked and encrypted, the contents cannot be read if the phone is seized by investigators. Decrypting the Encryption Debate reviews how encryption is used, including its applications to cybersecurity; its role in protecting privacy and civil liberties; the needs of law enforcement and the intelligence community for information; technical and policy options for accessing plaintext; and the international landscape.
This book describes the context in which decisions about providing authorized government agencies access to the plaintext version of encrypted information would be made and identifies and characterizes possible mechanisms and alternative means of obtaining information.

%0 Book
%A National Academies of Sciences, Engineering, and Medicine
%E Johnson, Anne Frances
%E Millett, Lynette I.
%T Cryptographic Agility and Interoperability: Proceedings of a Workshop
%@ 978-0-309-45356-1
%D 2017
%U https://nap.nationalacademies.org/catalog/24636/cryptographic-agility-and-interoperability-proceedings-of-a-workshop
%> https://nap.nationalacademies.org/catalog/24636/cryptographic-agility-and-interoperability-proceedings-of-a-workshop
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%P 90
%X In May 2016, the National Academies of Sciences, Engineering, and Medicine hosted a workshop on Cryptographic Agility and Interoperability. Speakers at the workshop discussed the history and practice of cryptography, its current challenges, and its future possibilities. This publication summarizes the presentations and discussions from the workshop.

%0 Book
%A National Academies of Sciences, Engineering, and Medicine
%E Johnson, Anne
%E Grumbling, Emily
%T Implications of Artificial Intelligence for Cybersecurity: Proceedings of a Workshop
%@ 978-0-309-49450-2
%D 2019
%U https://nap.nationalacademies.org/catalog/25488/implications-of-artificial-intelligence-for-cybersecurity-proceedings-of-a-workshop
%> https://nap.nationalacademies.org/catalog/25488/implications-of-artificial-intelligence-for-cybersecurity-proceedings-of-a-workshop
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%P 98
%X In recent years, interest and progress in the area of artificial intelligence (AI) and machine learning (ML) have boomed, with new applications vigorously pursued across many sectors.
At the same time, the computing and communications technologies on which we have come to rely present serious security concerns: cyberattacks have escalated in number, frequency, and impact, drawing increased attention to the vulnerabilities of cyber systems and the need to increase their security. In the face of this changing landscape, there is significant concern and interest among policymakers, security practitioners, technologists, researchers, and the public about the potential implications of AI and ML for cybersecurity. The National Academies of Sciences, Engineering, and Medicine convened a workshop on March 12-13, 2019 to discuss and explore these concerns. This publication summarizes the presentations and discussions from the workshop.

%0 Book
%A National Research Council
%E Kent, Stephen T.
%E Millett, Lynette I.
%T Who Goes There?: Authentication Through the Lens of Privacy
%@ 978-0-309-08896-1
%D 2003
%U https://nap.nationalacademies.org/catalog/10656/who-goes-there-authentication-through-the-lens-of-privacy
%> https://nap.nationalacademies.org/catalog/10656/who-goes-there-authentication-through-the-lens-of-privacy
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%P 232
%X Who Goes There?: Authentication Through the Lens of Privacy explores authentication technologies (passwords, PKI, biometrics, etc.) and their implications for the privacy of the individuals being authenticated. As authentication becomes ever more ubiquitous, understanding its interplay with privacy is vital. The report examines numerous concepts, including authentication, authorization, identification, privacy, and security. It provides a framework to guide thinking about these issues when deciding whether and how to use authentication in a particular context. The book explains how privacy is affected by system design decisions.
It also describes government’s unique role in authentication and what this means for how government can use authentication with minimal invasions of privacy. In addition, Who Goes There? outlines usability and security considerations and provides a primer on privacy law and policy.

%0 Book
%A National Academies of Sciences, Engineering, and Medicine
%E Johnson, Anne
%E Millett, Lynette I.
%T Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop
%@ 978-0-309-44505-4
%D 2016
%U https://nap.nationalacademies.org/catalog/23559/data-breach-aftermath-and-recovery-for-individuals-and-institutions-proceedings
%> https://nap.nationalacademies.org/catalog/23559/data-breach-aftermath-and-recovery-for-individuals-and-institutions-proceedings
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%P 66
%X In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they discussed possible new mechanisms for better protecting and helping consumers in the wake of a breach. Speakers were asked to focus on data breach aftermath and recovery and to discuss ways to remediate harms from breaches. This publication summarizes the presentations and discussions from the workshop.

%0 Book
%A National Academies of Sciences, Engineering, and Medicine
%E Millett, Lynette I.
%E Fischhoff, Baruch
%E Weinberger, Peter J.
%T Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions
%@ 978-0-309-45529-9
%D 2017
%U https://nap.nationalacademies.org/catalog/24676/foundational-cybersecurity-research-improving-science-engineering-and-institutions
%> https://nap.nationalacademies.org/catalog/24676/foundational-cybersecurity-research-improving-science-engineering-and-institutions
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%K Conflict and Security Issues
%P 104
%X Attaining meaningful cybersecurity presents a broad societal challenge. Its complexity and the range of systems and sectors in which it is needed mean that successful approaches are necessarily multifaceted. Moreover, cybersecurity is a dynamic process involving human attackers who continue to adapt. Despite considerable investments of resources and intellect, cybersecurity continues to pose serious challenges to national security, business performance, and public well-being. Modern developments in computation, storage and connectivity to the Internet have brought into even sharper focus the need for a better understanding of the overall security of the systems we depend on. Foundational Cybersecurity Research focuses on foundational research strategies for organizing people, technologies, and governance. These strategies seek to ensure the sustained support needed to create an agile, effective research community, with collaborative links across disciplines and between research and practice. This report is aimed primarily at the cybersecurity research community, but takes a broad view that efforts to improve foundational cybersecurity research will need to include many disciplines working together to achieve common goals.

%0 Book
%A National Research Council
%A National Academy of Engineering
%E Goodman, Seymour E.
%E Lin, Herbert S.
%T Toward a Safer and More Secure Cyberspace
%@ 978-0-309-10395-4
%D 2007
%U https://nap.nationalacademies.org/catalog/11925/toward-a-safer-and-more-secure-cyberspace
%> https://nap.nationalacademies.org/catalog/11925/toward-a-safer-and-more-secure-cyberspace
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%K Conflict and Security Issues
%P 328
%X Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit vulnerabilities in the nation’s critical information systems, thereby causing considerable suffering and damage. Online e-commerce business, government agency files, and identity records are all potential security targets. Toward a Safer and More Secure Cyberspace examines these Internet security vulnerabilities and offers a strategy for future research aimed at countering cyber attacks. It also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated, and considers the human resource base needed to advance the cybersecurity research agenda. This book will be an invaluable resource for Internet security professionals, information technologists, policy makers, data stewards, e-commerce providers, consumer protection advocates, and others interested in digital security and safety.

%0 Book
%A National Research Council
%E Hennessy, John L.
%E Patterson, David A.
%E Lin, Herbert S.
%T Information Technology for Counterterrorism: Immediate Actions and Future Possibilities
%@ 978-0-309-08736-0
%D 2003
%U https://nap.nationalacademies.org/catalog/10640/information-technology-for-counterterrorism-immediate-actions-and-future-possibilities
%> https://nap.nationalacademies.org/catalog/10640/information-technology-for-counterterrorism-immediate-actions-and-future-possibilities
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%K Conflict and Security Issues
%P 144
%X Information technology (IT) is essential to virtually all of the nation’s critical infrastructures, making them vulnerable to a terrorist attack on their IT system. An attack could be on the system itself or use the IT system to launch or exacerbate another type of attack. IT can also be used as a counterterrorism tool. The report concludes that the most devastating consequences of a terrorist attack would occur if it were on or used IT as part of a broader attack. The report presents two recommendations on what can be done in the short term to protect the nation’s communications and information systems and several recommendations about what can be done over the longer term. The report also notes the importance of considering how an IT system will be deployed to maximize protection against and usefulness in responding to attacks.

%0 Book
%A National Academies of Sciences, Engineering, and Medicine
%T Looking Ahead at the Cybersecurity Workforce at the Federal Aviation Administration
%@ 978-0-309-39150-4
%D 2021
%U https://nap.nationalacademies.org/catalog/26105/looking-ahead-at-the-cybersecurity-workforce-at-the-federal-aviation-administration
%> https://nap.nationalacademies.org/catalog/26105/looking-ahead-at-the-cybersecurity-workforce-at-the-federal-aviation-administration
%I The National Academies Press
%C Washington, DC
%G English
%K Industry and Labor
%K Computers and Information Technology
%P 112
%X The Federal Aviation Administration (FAA) has overseen significant upgrades to the technology used to manage aviation operations to increase the safety and efficiency of the National Airspace System (NAS). Though necessary to regular operations, these modern computing and communications systems provide a greater attack surface for criminals, terrorists, or nation-states to exploit and thereby increase the potential for cybersecurity threats to the NAS and its constituents. The future safety and security of air travel will rely in part on the ability of the FAA to build a workforce capable of addressing the evolving cybersecurity threat landscape. Securing the computers, networks, and data that underpin modern aviation depends in part on the FAA having enough cybersecurity professionals (capacity) with the right knowledge, skills, and abilities (capability). It also depends on the FAA's workforce having sufficient diversity of backgrounds and experience. Such diversity is critical in analyzing cybersecurity problems and widely understood to be a "functional imperative" for effective cybersecurity programs. At the request of Congress, the publication examines the FAA's cybersecurity workforce challenges, reviews the current strategy for meeting those challenges, and recommends ways to strengthen the FAA's cybersecurity workforce.

%0 Book
%A Transportation Research Board
%A National Research Council
%T Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274
%D 2003
%U https://nap.nationalacademies.org/catalog/10730/cybersecurity-of-freight-information-systems-a-scoping-study-special-report
%> https://nap.nationalacademies.org/catalog/10730/cybersecurity-of-freight-information-systems-a-scoping-study-special-report
%I The National Academies Press
%C Washington, DC
%G English
%K Transportation and Infrastructure
%K Computers and Information Technology
%P 96
%X TRB Special Report 274 - Cybersecurity of Freight Information Systems: A Scoping Study reviews trends in the use of information technology in the freight transportation industry and assesses potential vulnerabilities to a cyberattack.

%0 Book
%A National Research Council
%T Critical Code: Software Producibility for Defense
%@ 978-0-309-15948-7
%D 2010
%U https://nap.nationalacademies.org/catalog/12979/critical-code-software-producibility-for-defense
%> https://nap.nationalacademies.org/catalog/12979/critical-code-software-producibility-for-defense
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%K Conflict and Security Issues
%P 160
%X Critical Code contemplates Department of Defense (DoD) needs and priorities for software research and suggests a research agenda and related actions. Building on two prior books—Summary of a Workshop on Software Intensive Systems and Uncertainty at Scale and Preliminary Observations on DoD Software Research Needs and Priorities—the present volume assesses the nature of the national investment in software research and, in particular, considers ways to revitalize the knowledge base needed to design, produce, and employ software-intensive systems for tomorrow's defense needs. Critical Code discusses four sets of questions: To what extent is software capability significant for the DoD?
Is it becoming more or less significant and strategic in systems development? Will the advances in software producibility needed by the DoD emerge unaided from industry at a pace sufficient to meet evolving defense requirements? What are the opportunities for the DoD to make more effective use of emerging technology to improve software capability and software producibility? In which technology areas should the DoD invest in research to advance defense software capability and producibility?

%0 Book
%A National Research Council
%E Pato, Joseph N.
%E Millett, Lynette I.
%T Biometric Recognition: Challenges and Opportunities
%@ 978-0-309-14207-6
%D 2010
%U https://nap.nationalacademies.org/catalog/12720/biometric-recognition-challenges-and-opportunities
%> https://nap.nationalacademies.org/catalog/12720/biometric-recognition-challenges-and-opportunities
%I The National Academies Press
%C Washington, DC
%G English
%K Computers and Information Technology
%K Engineering and Technology
%K Conflict and Security Issues
%P 182
%X Biometric recognition--the automated recognition of individuals based on their behavioral and biological characteristics--is promoted as a way to help identify terrorists, provide better control of access to physical facilities and financial accounts, and increase the efficiency of access to services and their utilization. Biometric recognition has been applied to identification of criminals, patient tracking in medical informatics, and the personalization of social services, among other things. In spite of substantial effort, however, there remain unresolved questions about the effectiveness and management of systems for biometric recognition, as well as the appropriateness and societal impact of their use. Moreover, the general public has been exposed to biometrics largely as high-technology gadgets in spy thrillers or as fear-instilling instruments of state or corporate surveillance in speculative fiction.
Now, as biometric technologies appear poised for broader use, increased concerns about national security and the tracking of individuals as they cross borders have caused passports, visas, and border-crossing records to be linked to biometric data. A focus on fighting insurgencies and terrorism has led to the military deployment of biometric tools to enable recognition of individuals as friend or foe. Commercially, finger-imaging sensors, whose cost and physical size have been reduced, now appear on many laptop personal computers, handheld devices, mobile phones, and other consumer devices. Biometric Recognition: Challenges and Opportunities addresses the issues surrounding broader implementation of this technology, making two main points: first, biometric recognition systems are incredibly complex, and need to be addressed as such. Second, biometric recognition is an inherently probabilistic endeavor. Consequently, even when the technology and the system in which it is embedded are behaving as designed, there is inevitable uncertainty and risk of error. This book elaborates on these themes in detail to provide policy makers, developers, and researchers a comprehensive assessment of biometric recognition that examines current capabilities, future possibilities, and the role of government in technology and system development.

%0 Book
%A National Research Council
%T Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy
%@ 978-0-309-16035-3
%D 2010
%U https://nap.nationalacademies.org/catalog/12997/proceedings-of-a-workshop-on-deterring-cyberattacks-informing-strategies-and
%> https://nap.nationalacademies.org/catalog/12997/proceedings-of-a-workshop-on-deterring-cyberattacks-informing-strategies-and
%I The National Academies Press
%C Washington, DC
%G English
%K Conflict and Security Issues
%K Computers and Information Technology
%P 400
%X In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation's important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity defense measures, it is natural to consider the possibility that deterrence might play a useful role in preventing cyberattacks against the United States and its vital interests. At the request of the Office of the Director of National Intelligence, the National Research Council undertook a two-phase project aimed to foster a broad, multidisciplinary examination of strategies for deterring cyberattacks on the United States and of the possible utility of these strategies for the U.S. government. The first phase produced a letter report providing basic information needed to understand the nature of the problem and to articulate important questions that can drive research regarding ways of more effectively preventing, discouraging, and inhibiting hostile activity against important U.S. information systems and networks. The second phase of the project entailed selecting appropriate experts to write papers on questions raised in the letter report. A number of experts, identified by the committee, were commissioned to write these papers under contract with the National Academy of Sciences. Commissioned papers were discussed at a public workshop held June 10-11, 2010, in Washington, D.C., and authors revised their papers after the workshop.
Although the authors were selected and the papers reviewed and discussed by the committee, the individually authored papers do not reflect consensus views of the committee, and the reader should view these papers as offering points of departure that can stimulate further work on the topics discussed. The papers presented in this volume are published essentially as received from the authors, with some proofreading corrections made as limited time allowed.